Global cybersecurity report identifies serious gaps

More powers for police to combat cross-border cybercrime are needed according to a new global study, Cyber-security: The Vexed Question of Global Rules, by security specialist McAfee and the Brussels-based think-tank Security and Defence Agenda (SDA).

The report, which claims to present a global snapshot of current thinking about the cyber-threat and the measures that should be taken to defend against the problem, has identified serious gaps in tackling the problem.

Real-time sharing of global intelligence was a core recommendation of the report, citing the building of trust between industry stakeholders by setting up bodies to share information and best practices, like the Common Assurance Maturity Model (CAMM) and the Cloud Security Alliance (CSA).

“The core problem is that the cyber criminal has greater agility, given large funding streams and no legal boundaries to sharing information and can thus choreograph well-orchestrated attacks into systems,” said Phyllis Schneck, vice-president and chief technology officer, Global Public Sector, McAfee. “Until we can pool our data and equip our people and machines with intelligence, we are playing chess with only half the pieces.”

Experts interviewed also agreed that developments such as smartphones and cloud computing are creating a whole new set of problems linked to inter-connectivity and sovereignty that require new regulations and new thinking. Last year, McAfee issued a Q3 threat report that stated that the total amount of malware targeted at Android devices jumped 76 per cent from Q2 of 2010 to Q2 of last year, to become the most attacked mobile operating system.

The SDA, a defense and security group, interviewed leading global security experts to ensure findings would offer usable recommendations and actions. The report was created to identify key debate areas and trends and to help governments and organisations understand how their cyber defence posture compares to those of other countries and organisations.

Key findings included:

•57 per cent of global experts believe that an arms race is taking place in cyber space;

•36 per cent believe cyber-security is more important than missile defense;

•43 per cent identified damage or disruption to critical infrastructure as the greatest single threat posed by cyber-attacks with wide economic consequences;

•45 per cent of respondents believe that cyber-security is as important as border security; and

•The state of cyber-readiness of the UK, US, Australia, China and Germany all ranked behind smaller countries such as Israel, Sweden and Finland.

The SDA conducted in-depth interviews some 80 world-leading policy-makers and cybersecurity experts in government, business and academia in 27 countries and anonymously surveyed 250 world leaders in 35 countries to get these findings. The top six actions it recommends as a result are:

•Real-time global information sharing required;

•Financial incentives for critical improvements in security for both private and public sectors;

•Give more power to law enforcement to combat cross-border cyber crime;

•Best practice-led international security standards need to be developed;

•Diplomatic challenges facing global cyber treaties need to be addressed; and

•Public awareness campaigns that go beyond current programmes to help citizens.

The report also highlights a need to address an expected shortage in the ‘cyber workforce’, with more than half of respondents warning of a coming skills shortage, a low level of preparedness for cyber attacks and a lack of strong participation from industry in cyber-security exercises (only 20 per cent of those questioned in the private sector had taken part in such exercises).

While many respondents believed that global treaties were an essential factor in the development of sound policy, some also suggested the establishment of cyber-confidence building measures as alternatives to glo